Wednesday “How too …”: 🔒 Securing Cloud Storage for Lawyers: Best Practices and Ethical Considerations!

/ The Tech-Savvy Lawyer.Page/

As a lawyer, protecting client data is not just a best practice—it's an ethical obligation. There are too many providers to give step-by-step instructions in a “How to” post. But here’s how to ensure any cloud storage is secure while adhering to ABA Model Rules:
(Note that in future postings, we’ll delve deeper into some of the topics below).

Choose a Secure Provider 🛡️

Lawyers have an ethical duty to ensure information they store on the cloud is secure!

Select a cloud service that offers:

  • End-to-end encryption 🔐

  • Compliance with legal industry standards (e.g., HIPAA) 📋

  • Strong authentication methods 🔑

  • Regular security audits 🕵️‍♂️

Implement Strong Access Controls 🚫

  • Enable multi-factor authentication (MFA) for all accounts 📱

  • Set up role-based access controls 👥

  • Regularly review and update user permissions 🔄

 Encrypt Everything 🔒

  • Use end-to-end encryption for all client data

  • Consider additional tools like Cryptomator for highly sensitive documents 🗄️

Secure File Sharing 📤

  • Use secure file sharing features provided by your cloud service

  • Set expiration dates and passwords for shared links ⏳🔑

  • Avoid sharing sensitive information via email 🚫📧

Regular Security Audits 🔍

  • Conduct periodic reviews of your firm's data security practices

  • Keep all security software and systems up-to-date 🔄

  • Review access logs for any suspicious activity 👀

"Cybersecurity isn't a single step 🔒 — it's a multifaceted priority 📚 every lawyer must understand!"

"Cybersecurity isn't a single step 🔒 — it's a multifaceted priority 📚 every lawyer must understand!"

Cybersecurity isn't a single step 🔒—it's a multifaceted priority 📚 every lawyer must understand!

Educate Staff and Clients 📚

  • Train staff on data security best practices 👨‍🏫

  • Inform clients about your data security measures 📢

  • Obtain informed consent from clients for cloud storage use ✍️

Implement Backup and Recovery Plans 💾

  • Regularly backup all client data

  • Test data recovery procedures periodically 🔄

  • Ensure backups are also encrypted and securely stored 🔐

Use Secure Communication Channels 💬

  • Implement encrypted email or secure client portals for communication

  • Avoid discussing sensitive information over unsecured channels 🚫📱

Monitor for Threats 🕵️‍♀️

lawyers need to stay up-to-date on new cloud security developments and cyberattacks on the cloud-storage/backup platform of choice.

  • Use advanced threat detection tools 🛠️

  • Stay informed about the latest cybersecurity threats 📰

  • Have an incident response plan in place 🚨

Comply with Ethical Guidelines 📜

  • Stay updated on your state bar's ethics opinions regarding cloud storage

  • Ensure your practices align with ABA Model Rules 1.1 (Competence) and 1.6 (Confidentiality) ⚖️

By following these steps, lawyers can significantly enhance the security of client data stored in the cloud, meeting their ethical obligations and protecting sensitive information from unauthorized access or breaches. 🛡️👨‍⚖️👩‍⚖️

MTC: Cloud-Based Legal Drafting: Assessing the Safety of Google Workspace and Microsoft 365 for Lawyers.

/ The Tech-Savvy Lawyer.Page/

Is working on your briefs in the “cloud” secure? 🤷

As law firms increasingly embrace cloud technologies, many attorneys are questioning the safety of using platforms like Google Workspace and Microsoft 365 to draft sensitive legal documents such as briefs. This concern is well-founded, given the ethical obligations lawyers have to protect client confidentiality (see generally MRPC 1.6(a). Let’s examine the security measures these platforms offer and consider the implications for legal professionals.

Security Features of Google Workspace and Microsoft 365

Both Google Workspace and Microsoft 365 provide robust security measures designed to protect user data:

  1. Encryption: Both platforms offer encryption for data at rest and in transit.

  2. Multi-factor Authentication: This additional layer of security helps prevent unauthorized access.

  3. Data Loss Prevention (DLP): Policies can be set to prevent sensitive information from being shared inappropriately.

  4. Advanced Threat Protection: Both services include features to detect and prevent malware, phishing, and other cyber threats.

Compliance and Legal Considerations

For lawyers, compliance with industry standards is crucial. Both platforms address this need:

These certifications indicate that both platforms have undergone rigorous third-party audits to ensure they meet stringent security and privacy requirements.

Specific Considerations for Legal Drafting

When it comes to drafting legal briefs, consider the following:

  1. Version Control: Both platforms offer robust version control features, allowing lawyers to track changes and revert to previous versions if necessary.

  2. Access Controls: Administrators can set granular permissions to ensure that only authorized individuals can access sensitive documents.

  3. eDiscovery: Both Google Workspace and Microsoft 365 include tools for eDiscovery, see Google Vault and Microsoft Purview eDiscovery, respectively, which can be crucial in legal proceedings.

  4. Data Residency: For firms handling matters with specific jurisdictional requirements, both platforms offer options to specify where data is stored.

Potential Risks and Mitigation Strategies

While these platforms offer strong security measures, there are still risks to consider:

  1. User Error: The biggest risk often comes from within. Implement regular training on security best practices for all staff.

  2. Third-Party Apps: Be cautious when integrating third-party applications, as they may not adhere to the same security standards.

  3. AI and Machine Learning: When integrating AI tools like Microsoft's Copilot, be aware of potential data exposure risks when using these features for legal drafting.

  4. Ethical Considerations: Ensure that your use of cloud services complies with your jurisdiction's ethical rules regarding client confidentiality.

Conclusion

Lawyers must keep in mind their ethical obligations when working online!

While no system is 100% secure, both Google Workspace and Microsoft 365 offer robust security features that, when properly configured and used, can provide a safe environment for drafting legal briefs. The key is to:

  1. Understand and implement the security features available.

  2. Regularly train staff on security best practices.

  3. Stay informed about updates and new features that could impact security.

  4. Consult with IT professionals to ensure proper configuration.

  5. Regularly review and update your firm's security policies.

By taking these steps, law firms can leverage the benefits of cloud-based platforms while maintaining the security and confidentiality required in legal practice. As always, it's crucial to stay informed about the latest developments in legal technology and security to ensure your firm's practices remain both efficient and ethically compliant.

MTC

Happy Lawyering!

Episode 93, Part II, Revolutionizing Law Practice. How Alexander Pakin Leverages Tech 🖥️ for Legal Success!

/ The Tech-Savvy Lawyer.Page/

In this second part of our conversation with Alexander Paykin, we dive deeper into the practical applications of technology in modern law practice. As a tech-savvy commercial litigator and managing director of The Law Office of Alexander Paykin, P.C., he shares invaluable insights on leveraging cutting-edge tools to enhance legal services.

Paykin explores the transformative power of cloud computing in law firms, discussing its benefits for collaboration and accessibility while addressing critical security concerns. He offers practical advice on implementing robust cybersecurity measures to protect sensitive client data and maintain ethical standards in the digital age.

Drawing from his experience and involvement with bar associations, Paykin provides actionable strategies for attorneys to streamline operations, improve client service, and drive growth through technology. He also looks ahead to emerging technologies shaping the future of legal practice.

This episode is a must-listen for attorneys seeking to harness technology's potential to stay competitive and deliver superior outcomes for clients in an ever-evolving legal landscape.

We discuss the following question and more!

  1. What are the top three ways cloud computing has changed the way Alex's practice law?

  2. What are the top three cybersecurity concerns that lawyers should be aware of when using cloud-based services?

  3. What are the top three ways Alex sees technology continuing to shape the legal profession in the coming years?

Bonus question: What advice would you give to attorneys who are looking to adopt new technologies in their practice?

In this episode, we cover:

[02:15] - Cloud computing in law practice
[06:30] - Cybersecurity concerns and best practices for law firms
[11:45] - Client communication and collaboration tools
[15:30] - The future of legal technology and emerging trends
[20:00] - Advice for attorneys looking to adopt new technologies
[24:15] - The importance of continuous learning in legal tech
[28:00] - Closing thoughts and contact information for Alexander Paykin

RESOURCES

Connect with Alexander

Hardware mentioned:

Software mentioned:

Podcast Episode #77: CLIO Con 2023: Third-Party Apps, CLIO and More, with Shubham Datta

/ The Tech-Savvy Lawyer.Page/

Our next guest is Shubham Datta, the Vice President of Corporate Development at CLIO. As a key figure in overseeing the development and execution of CLIO's strategic growth strategy through acquisitions and investments, Shubham brings forth a wealth of knowledge and a unique perspective on the intricacies of how CLIO collaborates with third-party integrations and more. Shubham is a seasoned Mergers and Acquisitions (M&A) professional driving innovation in the legal tech space. With an extensive background in both buy-side and sell-side M&A, he spearheads efforts to align CLIO's product roadmap with cutting-edge companies.

Join Shubham and me as we discuss the following three questions and more!

  1. What are the top three criteria to prioritize when evaluating third-party application integrations?

  2. How to determine what might be considered unnecessary or incompatible with CLIO platform, possibly without the requirement for specific categories?

  3. In what aspects should legal professionals focus on when assessing new third-party applications for use in CLIO or when comparing them to competitors?

In our conversation, we cover the following:

[01:44] The Three Pillars of Effective Third-Party Integration in CLIO's Legal Tech Ecosystem

[05:13] Core Legal Workflows in CLIO's Ecosystem

[06:55] App Adoption and Integration Challenges in Legal Tech

[09:00] Empowering Legal Innovation: Nuanced Challenges in App Integration

[10:42] A Guide for Lawyers in Choosing Third-Party Apps for CLIO and Beyond

[11:25] Future-Forward Legal Tech

[13:12] AI Innovations to Elevate Legal Practice

[14:58] CLIO: Redefining Legal Practice Management

Resources:

Connect with Shubham:

LinkedIn: linkedin.com/in/shubhamdatta/

Software mentioned in the conversation:

CLIO: CLIO.com/

My Two Cents: Anchoring Your Firm in The Cloud is Not a Great Idea!

/ The Tech-Savvy Lawyer.Page/

IMHO it is not best practice to base your office in the cloud!

I think that online cloud backup and access has really revolutionized how attorneys and the world work! In addition to be able to access your office files anywhere, the security of having additional backups constantly updated and offsite provides an extra layer of relief. Heavens forbid the office catches on fire or someone steals your computer!  But basing and running your firm from the cloud is IMHO a big mistake.

Earlier this month, Microsoft 365, the online office suite, had an outage issue. As Tamal Nandi of Mint reports, “The company said that it was “investigating an issue with accessing Outlook on the web" in a Twitter thread posted on its Microsoft 365 Status account — and added that a “downstream impact" was also identified for Microsoft Teams, SharePoint Online and OneDrive for Business. Microsoft 365 Status later said it had reverted an update and saw an improvement in service — soon confirming recovery for impacted services.” This gives me no ease of mind in using this product. Your work is hosted on the cloud; not on your computer. So, when the host “misplaces” or “losses” your information, it will sync and remove the information from your computer. And then you’re SOL!

Nobody wants to be discover their e-mail has vanished!

I believe I may have been a victim of this as I use 365.  I was understandably freaked when my inbox had zero e-mails!  Note, I only use Outlook for the blog (not the firm and I’m looking for something else for the blog) and I don’t use OneDrive for any of my projects. As a lawyer, can you imagine your inbox emails just “disappearing?” Lawyers have a strong fear of missing out – this is understandable as if you miss an urgent client e-mail or a court notice that you fail to follow up on, it could be your job and possibly your law license.

Granted, it appears that this has only affected thousands maybe tens of thousands out of Microsoft’s million-plus users.  But apparently, this has been a recurring theme for at least this year. And solo and small firm practitioners certainly don’t want to find themselves as being one of the lucky "thousands” of Microsoft users without their inbox – temporarily or permanently.

I don’t know how to reverse backup from the cloud. But by using my computer as the main host of my work, I know I can easily make multiple backups.  My suggestion is to look carefully at the cloud CRM you are using and make sure that you have your “office” based on your computer versus their “cloud” host.  PS: It is one of a few reasons why I use Daylite as my CRM.

MTC.

Happy Lawyering!!!

Shout Out!  Prior TSL.P Podcast Guest David Sparks and his MPU co-host Stephen Hacket discuss data storage!

/ The Tech-Savvy Lawyer.Page/
Mac Power Users

MPU Hosts David Sparks and Stephen Hacket have a great discussion about data storage.

Data storage has, in many people’s opinion, gotten easier over the last few years.  I enjoyed prior TSL.P Podcast Guest David Sparks and Stephen Hackett Mac Power User’s Episode #654: Data Storage in 2022.  It was an informative update on the current means of data storage.  It’s become cheaper to get larger Hard Disk Drives (HDD).  And safer (albeit a little more expensive) with Solid State Drives (SSD).  The episode also served as a good reminder to back up your data.  See my article Help Prevent Your Law Office's Data Loss! (it might be a couple of years old, but it still rings true today!) for a more in-depth discussion about backing up your office files.  And for those Mac users out there, don’t forget Time Machine!

Have a question about data storage?  Feel free to e-mail - simple questions will be answered free of charge.  Those that are a little more complex - something I can't answer in 15 minutes will require an consult fee.

Happy Lawyering!